Sign-up

VARIoT news about IoT security

Vulnerability in Cisco Smart Software Manager lets attackers change any user password | Ars Technica

Trust: 4.0

Fetched: July 27, 2024, 7:16 p.m., Published: July 17, 2024, 7:47 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-20419

Vulnerabilities in PanelView Plus devices could lead to remote code execution - TQT Group

Related entries in the VARIoT vulnerabilities database: VAR-202309-2171

Trust: 5.25

Fetched: July 27, 2024, 7:15 p.m., Published: July 9, 2024, 9:54 a.m.
 Vulnerabilities: code execution, information disclosure
Affected productsExternal IDs
vendor: rockwellautomation model: automation panelview plus
vendor: rockwellautomation model: factorytalk view
vendor: rockwellautomation model: factorytalk
vendor: rockwellautomation model: automation panelview
vendor: rockwellautomation model: rslogix
vendor: rockwell model: automation panelview plus
vendor: rockwell model: factorytalk view
vendor: rockwell model: factorytalk
vendor: rockwell model: automation panelview
vendor: rockwell model: rslogix
vendor: rockwell automation model: automation panelview plus
vendor: rockwell automation model: factorytalk view
vendor: rockwell automation model: factorytalk
vendor: rockwell automation model: automation panelview
vendor: rockwell automation model: rslogix
db: NVD ids: CVE-2023-20719, CVE-2023-2071, CVE-2023-294648

CVE - CVE-2018-0002

Related entries in the VARIoT vulnerabilities database: VAR-201801-1070

Trust: 5.0

Fetched: July 27, 2024, 7:14 p.m., Published: Aug. 24, 2030, midnight
 Vulnerabilities: memory corruption, denial of service
Affected productsExternal IDs
db: NVD ids: CVE-2018-0002

Samsung Galaxy Critical Update Expected In August For…

Trust: 3.75

Fetched: July 27, 2024, 7:13 p.m., Published: Aug. 27, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
db: NVD ids: CVE-2024-29745, CVE-2024-32896

North Korean Hacker, Critical Software Flaws, Secure Boot At Risk

Trust: 4.0

Fetched: July 27, 2024, 7:12 p.m., Published: July 26, 2024, midnight
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-6327

China’s ‘Velvet Ant’ hackers caught exploiting new zero-day in Cisco devices

Trust: 4.0

Fetched: July 27, 2024, 7:12 p.m., Published: July 1, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: nexus
vendor: cisco model: series switches
vendor: cisco model: series
vendor: cisco model: cisco nx-os
db: NVD ids: CVE-2024-20399

D-Link DAP-1650 EOL Device Multiple Command Injection Vulner... - vulnerability database | Vulners.com

Trust: 5.75

Fetched: July 27, 2024, 7:11 p.m., Published: July 19, 2024, midnight
 Vulnerabilities: command injection
Affected productsExternal IDs
vendor: dlink model: dap-1650_firmware
vendor: dlink model: dap-1650
vendor: d-link model: dap-1650_firmware
vendor: d-link model: dap-1650
db: NVD ids: CVE-2024-23625, CVE-2024-23624

RADIUS Protocol Spoofing Vulnerability (Blast-RADIUS): July 2024

Trust: 3.0

Fetched: July 27, 2024, 7:11 p.m., Published: July 24, 2024, 7:33 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: cisco model: aironet 3800 series
vendor: cisco model: aironet 1560
vendor: cisco model: nexus
vendor: cisco model: umbrella
vendor: cisco model: aironet 1810w series access points
vendor: cisco model: catalyst iw6300
vendor: cisco model: firepower
vendor: cisco model: catalyst 9100
vendor: cisco model: wireless lan controllers
vendor: cisco model: series
vendor: cisco model: aironet 1850
vendor: cisco model: catalyst
vendor: cisco model: fxos
vendor: cisco model: aironet 1540
vendor: cisco model: catalyst 9100 series
vendor: cisco model: evolved programmable network manager
vendor: cisco model: aironet 1810
vendor: cisco model: aironet 1830 series
vendor: cisco model: aironet
vendor: cisco model: policy suite
vendor: cisco model: aironet 1540 series
vendor: cisco model: aireos
vendor: cisco model: aironet 2800 series
vendor: cisco model: aironet 3800
vendor: cisco model: aironet 1560 series
vendor: cisco model: aironet 2800
vendor: cisco model: ucs b-series blade servers
vendor: cisco model: access points
vendor: cisco model: aironet 1810 series
vendor: cisco model: aironet 1830
vendor: cisco model: aironet 4800
vendor: cisco model: aironet 1850 series
vendor: cisco model: cisco evolved programmable network manager

Siemens vulnerability (CVE-2024-35292) - Find affected devices

Related entries in the VARIoT vulnerabilities database: VAR-202406-0059

Trust: 4.5

Fetched: July 27, 2024, 7:09 p.m., Published: July 16, 2024, 9 p.m.
 Vulnerabilities: code execution, denial of service, privilege escalation...
Affected productsExternal IDs
vendor: siemens model: s7-200 smart
vendor: siemens model: scalance
vendor: siemens model: simatic s7-200
vendor: siemens model: simatic s7-200 smart
vendor: siemens model: simatic
vendor: siemens model: ruggedcom
db: NVD ids: CVE-2024-35292

CVE-2024-6422 - TelnetD Remote Unauthenticated Command Execution Vulnerability in Cisco Device

Trust: 5.0

Fetched: July 27, 2024, 7:08 p.m., Published: July 10, 2024, 8:15 a.m.
 Vulnerabilities: command execution
Affected productsExternal IDs
db: NVD ids: CVE-2024-6422

Product Security | Baxter

Trust: 4.5

Fetched: July 27, 2024, 7:02 p.m., Published: -
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: baxter model: sigma spectrum infusion system
vendor: baxter model: spectrum infusion system
vendor: baxter model: prismaflex
vendor: baxter model: prismax
vendor: treck model: tcp/ip stack
db: NVD ids: CVE-2019-0708

CVE-2023-41921 - Apache Device Firmware Remote Code Execution Vulnerability

Trust: 5.25

Fetched: July 27, 2024, 7:02 p.m., Published: July 2, 2024, 8:15 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
db: NVD ids: CVE-2023-41921

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware

Related entries in the VARIoT vulnerabilities database: VAR-202401-0919

Trust: 5.5

Fetched: July 27, 2024, 7:02 p.m., Published: July 2, 2024, 4:48 a.m.
 Vulnerabilities: path traversal, code execution, command injection...
Affected productsExternal IDs
vendor: cisco model: nx-os software
vendor: cisco model: nx-os
vendor: cisco model: nexus
vendor: cisco model: series switches
vendor: cisco model: mds 9000 series
vendor: cisco model: nexus 9000 series
vendor: cisco model: nexus devices
vendor: cisco model: series
vendor: cisco model: mds 9000
vendor: cisco model: nexus 3000
vendor: cisco model: routers
vendor: cisco model: nexus 7000
vendor: cisco model: nexus 9000
vendor: cisco model: cisco nx-os
vendor: d-link model: dir-859
db: NVD ids: CVE-2024-20399, CVE-2024-0769

Vulnerabilities in PanelView Plus devices could lead to remote code execution - RedPacket Security

Related entries in the VARIoT vulnerabilities database: VAR-202309-2171

Trust: 5.5

Fetched: July 27, 2024, 7:01 p.m., Published: July 3, 2024, 10:01 a.m.
 Vulnerabilities: code execution
Affected productsExternal IDs
vendor: rockwell model: automation panelview plus
vendor: rockwell model: factorytalk view
vendor: rockwell model: factorytalk
vendor: rockwell model: automation panelview
vendor: rockwell model: rslogix
vendor: rockwell automation model: automation panelview plus
vendor: rockwell automation model: factorytalk view
vendor: rockwell automation model: factorytalk
vendor: rockwell automation model: automation panelview
vendor: rockwell automation model: rslogix
db: NVD ids: CVE-2023-2071

Samsung says a critical security patch is making its way to Galaxy devices soon

Trust: 3.5

Fetched: July 27, 2024, 7:01 p.m., Published: July 19, 2024, 2:54 p.m.
 Vulnerabilities: -
Affected productsExternal IDs
vendor: google model: pixel
vendor: google model: android
vendor: samsung model: galaxy
vendor: samsung model: samsung galaxy
db: NVD ids: CVE-2024-29745, CVE-2024-32896

CVE-2024-4786 - Lenovo Tab K10 Denial of Sleep (DoS) Vulnerability

Trust: 5.25

Fetched: July 27, 2024, 6:58 p.m., Published: July 26, 2024, 8:15 p.m.
 Vulnerabilities: improper validation
Affected productsExternal IDs
db: NVD ids: CVE-2024-4786

Cisco Identity Services Engine Arbitrary File Upload Vulnerability

Trust: 3.75

Fetched: July 27, 2024, 6:50 p.m., Published: July 17, 2024, 4 p.m.
 Vulnerabilities: file upload vulnerability
Affected productsExternal IDs
vendor: cisco model: identity services engine
vendor: cisco model: cisco identity services engine

IoT device security: The role of penetration testing | Synopsys Blog

Trust: 3.0

Fetched: July 27, 2024, 6:44 p.m., Published: July 16, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs

Millions of Devices Vulnerable to 'PKFail' Secure Boot Bypass Issue

Related entries in the VARIoT vulnerabilities database: VAR-201609-0149

Trust: 3.5

Fetched: July 27, 2024, 6:38 p.m., Published: July 5, 2024, midnight
 Vulnerabilities: -
Affected productsExternal IDs
vendor: asus model: asus
vendor: lenovo model: updates
db: NVD ids: CVE-2016-5247

RADIUS Protocol Vulnerability Exposes Network Device Authentication - InfoQ

Trust: 3.0

Fetched: July 27, 2024, 6:38 p.m., Published: -
 Vulnerabilities: -
Affected productsExternal IDs
db: NVD ids: CVE-2024-3596